ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 222 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 222
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company has started using AWS across several teams. Each team has multiple accounts and unique security profiles. The company manages the accounts in an organization in AWS Organizations. Each account has its own configuration and security controls.

The company's DevOps team wants to use preventive and detective controls to govern all accounts. The DevOps team needs to ensure the security of accounts now and in the future as the company creates new accounts in the organization.

Which solution will meet these requirements?

  • A. Use Organizations to create OUs that have appropriate SCPs attached for each team. Place team accounts in the appropriate OUs to apply security controls. Create any new team accounts in the appropriate OUs.
  • B. Create an AWS Control Tower landing zone. Configure OUs and appropriate controls in AWS Control Tower for the existing teams. Configure trusted access for AWS Control Tower. Enroll the existing accounts in the appropriate OUs that match the appropriate security policies for each team. Use AWS Control Tower to provision any new accounts.
  • C. Create AWS CloudFormation stack sets in the organization's management account. Configure a stack set that deploys AWS Config with configuration rules and remediation actions for all controls to each account in the organization. Update the stack sets to deploy to new accounts as the accounts are created.
  • D. Configure AWS Config to manage the AWS Config rules across all AWS accounts in the organization. Deploy conformance packs that provide AWS Config rules and remediation actions across the organization.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Seoyong at March 27, 2024, 10:04 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
c3518fc
Highly Voted 6 months, 1 week ago
Selected Answer: B
A control is a high-level rule that provides ongoing governance for your overall AWS environment. It's expressed in plain language. AWS Control Tower implements preventive, detective, and proactive controls that help you govern your resources and monitor compliance across groups of AWS accounts. https://docs.aws.amazon.com/controltower/latest/controlreference/controls.html
upvoted 6 times
...
Seoyong
Highly Voted 7 months ago
Selected Answer: B
About controls in AWS Control Tower: https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
upvoted 5 times
...
dkp
Most Recent 6 months, 2 weeks ago
Selected Answer: B
answer B
upvoted 3 times
...
Ola2234
6 months, 3 weeks ago
Option B. Keyword: Preventive and detective controls to govern all accounts. This service is provided by guardrails as part of AWS Control Tower.
upvoted 2 times
...
WhyIronMan
7 months ago
Selected Answer: B
https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
upvoted 3 times
...
ogerber
7 months ago
Selected Answer: B
its B for me
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago